SimpNews wap_short_news.php path_simpnews Variable Remote File Inclusion

2006-06-13T16:28:23
ID OSVDB:27669
Type osvdb
Reporter SpC-x (spc-x@bsdmail.org)
Modified 2006-06-13T16:28:23

Description

Vulnerability Description

SimpNews has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the wap_short_news.php script not properly sanitizing user input supplied to the 'path_simpnews' variable. However, subsequent examination by other researchers indicates that the variable is set to a static value via config.php and is not open to manipulation by a remote attacker.

Solution Description

The reported vulnerability is incorrect. No solution is required.

Manual Testing Notes

http://[target]/Simpnews/wap_short_news.php?path_simpnews=Command-Shell

References:

Vendor URL: http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php
Other Advisory URL: http://www.security.nnov.ru/Ndocument164.html
Other Advisory URL: http://www.root-security.org/danger/Simpnews.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0267.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0236.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0220.html